CVE-2024-4420 in Tink-ccinfo

Zusammenfassung

von MITRE • 21.05.2024

There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3.  * An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input that is not an encoded JSON object, but still a valid encoded JSON element, for example a number or an array. This will crash as Tink just assumes any valid JSON input will contain an object.


* An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input containing many nested JSON objects. This may result in a stack overflow.


We recommend upgrading to version 2.1.3 or above

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Zuständig

Google Inc.

Reservieren

02.05.2024

Veröffentlichung

21.05.2024

Moderieren

akzeptiert

Eintrag

VDB-265364

CPE

bereit

EPSS

0.00226

KEV

nein

Aktivitäten

very low

Quellen

Want to know what is going to be exploited?

We predict KEV entries!